
Debian + Xen + IPv6, Worked for a bit, now nothing.

Started by zEkE, March 23, 2009, 06:29:05 PM


zEkE

Hey guys,

A couple of weeks ago I set up an IPv6 tunnel on my home linux server to play around with and experiment, and so far so good. Once I got the tunnel configured on the router, the server itself was no problem.

Now it comes time to transfer that information to my Xen-based VPS, also running Debian.

For this I created a 2nd tunnel with TunnelBroker.net, and set it up initially using the Linux-net-tools suggested configuration via commandline.

I then tested it by pinging the home linux server and got good replies.

Because I plan on using the IPv6 for RDNS, I then copied my multiple IP script from the home server and modified for the new /64 and interfaces etc, all up it contains ~ 45 IP addresses in IPv6 format, all within the /64 for the VPS.

Now, somewhere around this point I have done something, and I have no idea what, to completely mess this up.

I've been tweaking files, downing and upping interfaces for a couple of hours now, and still haven't found the answer, or even really what is causing the problem, even after reverting to basic configurations.

Alright, quote/code time.

rizzo:~# ip6tables --list
Chain INPUT (policy DROP)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
rizzo:~# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:16:45:a2:50:28 
          inet addr:69.162.80.40  Bcast:69.162.80.63  Mask:255.255.255.224
          inet6 addr: fe80::216:45ff:fea2:5028/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8553503 errors:1108 dropped:1850 overruns:0 frame:0
          TX packets:9165526 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4606930114 (4.2 GiB)  TX bytes:7109695229 (6.6 GiB)
          Interrupt:32 Base address:0xa000

eth1:0    Link encap:Ethernet  HWaddr 00:16:45:a2:50:28 
          inet addr:69.162.80.41  Bcast:69.162.80.63  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:32 Base address:0xa000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:564733 errors:0 dropped:0 overruns:0 frame:0
          TX packets:564733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:452189792 (431.2 MiB)  TX bytes:452189792 (431.2 MiB)

sit0      Link encap:IPv6-in-IPv4 
          inet6 addr: ::69.162.80.40/96 Scope:Compat
          inet6 addr: ::69.162.80.41/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1f0e:610::2/64 Scope:Global
          inet6 addr: fe80::45a2:5028/64 Scope:Link
          inet6 addr: fe80::45a2:5029/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

rizzo:~# route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::/96                          ::                         Un   256 0     0 sit0
2001:470:1f0e:610::/64         ::                         Un   256 0     0 sit1
fe80::/64                      ::                         U    256 0     0 eth1
fe80::/64                      ::                         Un   256 0     0 sit1
::/0                           ::                         U    1   0     0 sit1
::/0                           ::                         !n   -1  1   531 lo
::1/128                        ::                         Un   0   1    19 lo
::69.162.80.40/128             ::                         Un   0   1     0 lo
::69.162.80.41/128             ::                         Un   0   1     0 lo
::127.0.0.1/128                ::                         Un   0   1     0 lo
2001:470:1f0e:610::2/128       ::                         Un   0   1     0 lo
fe80::45a2:5028/128            ::                         Un   0   1     0 lo
fe80::45a2:5029/128            ::                         Un   0   1     0 lo
fe80::216:45ff:fea2:5028/128   ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 eth1
ff00::/8                       ::                         U    256 0     0 sit1
::/0                           ::                         !n   -1  1   531 lo
rizzo:~#




Pinging in I get:
telly:~# ping6 2001:470:1f0e:610::2
PING 2001:470:1f0e:610::2(2001:470:1f0e:610::2) 56 data bytes
^C
--- 2001:470:1f0e:610::2 ping statistics ---
22 packets transmitted, 0 received, 100% packet loss, time 21014ms

telly:~#

Pinging out I get:
rizzo:~# ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:b002::68) 56 data bytes
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4045ms


I'm quite willing to accept that I've done something incredibly stupid and that it's something very small or obvious that I'm missing, I just can't figure out what it is! Any and all help is appreciated.

------ UPDATE ------
I found the point in time where it did work in my scrollback, just in case I needed to prove that it did work at some point (I was beginning to doubt it myself..)

rizzo:~# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:16:45:a2:50:28 
          inet addr:69.162.80.40  Bcast:69.162.80.63  Mask:255.255.255.224
          inet6 addr: fe80::216:45ff:fea2:5028/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8474766 errors:1100 dropped:1838 overruns:0 frame:0
          TX packets:9113948 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4541528133 (4.2 GiB)  TX bytes:7102295142 (6.6 GiB)
          Interrupt:32 Base address:0xa000

eth1:0    Link encap:Ethernet  HWaddr 00:16:45:a2:50:28 
          inet addr:69.162.80.41  Bcast:69.162.80.63  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:32 Base address:0xa000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:561784 errors:0 dropped:0 overruns:0 frame:0
          TX packets:561784 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:451868640 (430.9 MiB)  TX bytes:451868640 (430.9 MiB)

sit0      Link encap:IPv6-in-IPv4 
          inet6 addr: ::69.162.80.40/96 Scope:Compat
          inet6 addr: ::69.162.80.41/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:4 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1f0e:610::2/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:dead:beef:cafe:3/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5419/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5408/64 Scope:Global
          inet6 addr: fe80::45a2:5028/64 Scope:Link
          inet6 addr: 2001:470:1f0e:610:babe:babe:babe:3/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5418/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5409/64 Scope:Global
          inet6 addr: fe80::45a2:5029/64 Scope:Link
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5417/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5406/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5416/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5407/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5415/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5404/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:2:a576:7406:3/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5414/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5405/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5420/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5413/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5402/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5412/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5403/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5411/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5400/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5410/64 Scope:Global
          inet6 addr: 2001:470:1f0e:610:202:a5ff:fe76:5401/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:788 (788.0 B)

rizzo:~# ping6 ipv6.i-al.net
PING ipv6.i-al.net(i.promise.i.am.not.a.chickenkiller.com) 56 data bytes
64 bytes from i.promise.i.am.not.a.chickenkiller.com: icmp_seq=1 ttl=59 time=131 ms
64 bytes from i.promise.i.am.not.a.chickenkiller.com: icmp_seq=2 ttl=59 time=144 ms
^C
--- ipv6.i-al.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 131.188/137.819/144.450/6.631 ms
rizzo:~#

Between this point and the realization that it wasn't working, I:
1. Added another 20 IPs to sit1 (*:5421-5440)
2. Added a user account
3. Apt-get'ed libperl-dev

Number 2 shouldn't matter, and number 1 should have been negated after I've flushed the various IPs and recreated the sit0 and sit1 interfaces several times without them. I also doubt libperl-dev would interfere with the system in this way.. I've been wrong before!

broquea

You do understand that you'll never get to control the rDNS for 2001:470:1f0e:610::/64, as it is the point-to-point allocation, and our page clearly states that the reverse delegation is for your statically routed allocations. (I promise, it has this on the reverse delegation page, not sure how people miss this unless they just skip reading the page).

You should be using 2001:470:1f0f:610::/64 if you want to control rDNS, and probably put them on eth0. The tunnel interface should really just have that single IPv6 address on it, makes for less confusion seeing as it is your IPv6 uplink interface. Also your default routes didn't have a "G" on them specifying which is the gateway. I'd start from scratch, use the "ip" commands from our examples, and make sure you get the basic IPv6 connectivity first. Probably just need to restart networking with the init script to clean it all up.

Using the MAC modified shouldn't be a problem as long as nothing else is using that MAC on the machine or otherwise. Also eth0:1 is slightly deprecated, and you can just add IPs to eth0, with "ip addr add address dev eth0", be it IPv4 or IPv6.

snarked


zEkE

Thank you Broquea for advising all the problems I would have realized after fixing the problem, and thank you snarked for the strong hint, which I initially misunderstood.

It seems I gave my IP6Tables script the wrong interface and as a result IP6Tables was preventing the ICMP in/out. While I flushed it out, I didn't notice that all three chains were still denying everything.

After rebooting the machine and reapplying the example configuration it worked wonderfully, so I set about finding the differences in configuration before and after reboot.

I ran the IP6Tables script and found that it was at this point things stopped working. I flushed, same error. Finally realized what snarked was getting at, and set all three tables to ACCEPT, and it worked again. I've now corrected the error in interface assignment, assigned IPs from the correct range (2001:470:1f0f:610::/64) and have the joyous task of correctly assigning (r)DNS again..

Thanks guys!
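
The state this thread ended up diagnosing (chains flushed but still on policy DROP, which is why ping6 failed with "Operation not permitted") can be checked mechanically. The script below is an added example, not part of the original posts; the function names and the second sample listing are constructed for illustration.

```shell
# Added example: flag ip6tables chains left with policy DROP and no rules.
# `ip6tables -F` deletes rules but leaves each chain's policy untouched, so a
# flushed chain that still says "policy DROP" discards every packet.
# Reads `ip6tables --list` text on stdin, prints one affected chain per line.
empty_drop_chains() {
    awk '
        function report() { if (chain != "" && policy == "DROP" && rules == 0) print chain }
        /^Chain / {
            report()
            chain = $2; policy = $4; sub(/\)$/, "", policy); rules = 0
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header or blank line
        { rules++ }                             # anything else is a rule
        END { report() }
    '
}

# Sample 1: the listing posted in the thread (all chains flushed, all DROP).
sample_flushed() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
EOF
}

# Sample 2 (constructed): INPUT keeps one rule, OUTPUT policy is ACCEPT.
sample_filtered() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     icmpv6   anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_flushed | empty_drop_chains    # live use: ip6tables --list | empty_drop_chains
```

Any chain it prints needs either rules that permit the intended traffic or its policy reset with `ip6tables -P <chain> ACCEPT`, which is the fix applied in the thread.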